What: /sys/firmware/secvar Date: August 2019 Contact: Nayna Jain Description: This directory is created if the POWER firmware supports OS secureboot, thereby secure variables. It exposes interface for reading/writing the secure variables What: /sys/firmware/secvar/vars Date: August 2019 Contact: Nayna Jain Description: This directory lists all the secure variables that are supported by the firmware. What: /sys/firmware/secvar/format Date: August 2019 Contact: Nayna Jain Description: A string indicating which backend is in use by the firmware. This determines the format of the variable and the accepted format of variable updates. On powernv/OPAL, this value is provided by the OPAL firmware and is expected to be "ibm,edk2-compat-v1". On pseries/PLPKS, this is generated by the kernel based on the version number in the SB_VERSION variable in the keystore. The version numbering in the SB_VERSION variable starts from 1. The format string takes the form "ibm,plpks-sb-v" in the case of dynamic key management mode. If the SB_VERSION variable does not exist (or there is an error while reading it), it takes the form "ibm,plpks-sb-v0", indicating that the key management mode is static. What: /sys/firmware/secvar/vars/ Date: August 2019 Contact: Nayna Jain Description: Each secure variable is represented as a directory named as . The variable name is unique and is in ASCII representation. The data and size can be determined by reading their respective attribute files. Only secvars relevant to the key management mode are exposed. Only in the dynamic key management mode should the user have access (read and write) to the secure boot secvars db, dbx, grubdb, grubdbx, and sbat. These secvars are not consumed in the static key management mode. PK, trustedcadb and moduledb are the secvars common to both static and dynamic key management modes. What: /sys/firmware/secvar/vars//size Date: August 2019 Contact: Nayna Jain Description: An integer representation of the size of the content of the variable. In other words, it represents the size of the data. What: /sys/firmware/secvar/vars//data Date: August 2019 Contact: Nayna Jain Description: A read-only file containing the value of the variable. The size of the file represents the maximum size of the variable data. What: /sys/firmware/secvar/vars//update Date: August 2019 Contact: Nayna Jain Description: A write-only file that is used to submit the new value for the variable. The size of the file represents the maximum size of the variable data that can be written.